News Heat Trend
Project Overview
Polkadot is a cross-chain protocol designed to connect and secure different blockchains. It provides interconnectivity and interoperability between them, enabling independent chains to securely exchange messages and perform transactions without relying on a trusted third-party. This allows for cross-chain transfers of data or assets between different blockchains, as well as the development of cross-chain DApps (decentralized applications) using the Polkadot Network. The Web3 Foundation is responsible for building Polkadot.
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Polkadot Responds to Hyperbridge Vulnerability: Polkadot and Native DOT Unaffected
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Bridged Polkadot Vulnerability Attacker Transfers $269,000 in Stolen Funds to Tornado Cash
According to on-chain analytics platform Arkham (@arkham), the attacker who exploited the Bridged Polkadot vulnerability has transferred all stolen funds to Tornado Cash, amounting to approximately $269,000.
Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
Hyperbridge Gateway Contract Attacked; 1 Billion DOT Tokens Minted and Dumped on Ethereum
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Bridged Polkadot Vulnerability Attacker Transfers $269,000 in Stolen Funds to Tornado Cash
According to on-chain analytics platform Arkham (@arkham), the attacker who exploited the Bridged Polkadot vulnerability has transferred all stolen funds to Tornado Cash, amounting to approximately $269,000.
Polkadot Responds to Hyperbridge Vulnerability: Polkadot and Native DOT Unaffected
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
Hyperbridge Gateway Contract Attacked; 1 Billion DOT Tokens Minted and Dumped on Ethereum
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.
Related news
Binance Margin Will Delist Multiple Trading Pairs, Including TRX/ETH and LINK/ETH
According to the official announcement, Binance Margin will delist the following margin trading pairs on May 1, 2026, at 14:00 (UTC+8): Cross-margin trading pairs: TRX/ETH, LINK/ETH, WLD/BTC, HBAR/BTC, DOT/BTC; Isolated-margin trading pairs: TRX/ETH, LINK/ETH, WLD/BTC, HBAR/BTC, DOT/BTC.
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Bridged Polkadot Vulnerability Attacker Transfers $269,000 in Stolen Funds to Tornado Cash
According to on-chain analytics platform Arkham (@arkham), the attacker who exploited the Bridged Polkadot vulnerability has transferred all stolen funds to Tornado Cash, amounting to approximately $269,000.
Polkadot Responds to Hyperbridge Vulnerability: Polkadot and Native DOT Unaffected
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
Hyperbridge Gateway Contract Attacked; 1 Billion DOT Tokens Minted and Dumped on Ethereum
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.